authorLeah Rowe <leah@libreboot.org>2023-09-09 20:05:11 +0100
committerLeah Rowe <leah@libreboot.org>2023-09-09 20:11:11 +0100
commit20be007f5b7042196647eabc5b6ec9d0d84ac108 (patch)
tree781edcb4441a57b0fe957cd876234b4e897f5796 /script/update
parentf989d5b434f8fe3c6c5baafb8b35ec8e6cfcdbb1 (diff)
blobs/inject: fix checksum validation if no-ucode
on e6400_4mb, the release build scripts remove nvidia's vga rom, which is used on dgpu models. however, microcode is also removed in separately copied rom images.

the inject script was inserting vgaroms directly into these no-microcode roms, but the microcode blob is bigger than the vga rom, and cbfstool inserts into the first available free spot within cbfs, so it was inserting into the spot where cpu microcode went. this caused the rom checksum to not match what was generated when build/release/roms was executed.

the only real fix is to guarantee offsets within cbfs for all files, by recording what offsets were used and then calculating that during insertion.

so this patch is a workaround, but fixes the issue. the workaround is: don't insert blobs directly on no-microcode roms; instead, insert only on microcode-based roms, then re-copy those roms and remove microcode in aptly named copies.

it's a bit more convoluted, but works perfectly fine.

Signed-off-by: Leah Rowe <leah@libreboot.org>
Diffstat (limited to 'script/update')
-rwxr-xr-xscript/update/blobs/inject25
1 files changed, 24 insertions, 1 deletions
diff --git a/script/update/blobs/inject b/script/update/blobs/inject
index 10691658..abdea964 100755
--- a/script/update/blobs/inject
+++ b/script/update/blobs/inject
@@ -9,6 +9,8 @@
. "include/defconfig.sh"
. "include/blobutil.sh"
+release_archive="n"
+
main()
{
sname="${0}"
@@ -103,8 +105,10 @@ build_dependencies()
inject_blobs()
{
+ release_archive="n"
if [ "${release}" = "true" ]; then
printf "patching release file\n"
+ release_archive="y"
patch_release_roms
else
patch_rom "${rom}" || \
@@ -124,13 +128,22 @@ patch_release_roms()
echo "patching rom $x"
patch_rom "${x}" || err "patch_release_roms: could not patch ${x}"
done
+ for x in "${_tmpdir}"/bin/*/*_nomicrocode.rom ; do
+ [ -f "${x}" ] || continue
+ [ -f "${x%_nomicrocode.rom}.rom" ] || continue
+
+ cp "${x%_nomicrocode.rom}.rom" "${x}" || \
+ err "patch_release_roms: ${x}: can't overwrite no-ucode rom"
+ "${cbfstool}" "${x}" remove -n cpu_microcode_blob.bin || \
+ err "patch_release_roms: ${x}: cannot remove u-code"
+ done
(
cd "${_tmpdir}"/bin/*
# NOTE: For compatibility with older rom releases, defer to sha1
sha512sum --status -c blobhashes || \
- sha1sum --statuc -c blobhashes || \
+ sha1sum --status -c blobhashes || \
err "patch_release_roms: ROMs did not match expected hashes"
)
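Review bot: Correcting `--statuc` to `--status` on the `sha1sum` line makes the SHA-1 fallback reachable (GNU sha1sum rejects an unknown option, so that branch presumably always failed before), yet nothing in the output says which digest accepted the images. I would make the downgrade visible, e.g. `sha512sum --status -c blobhashes || { printf "falling back to sha1\n" 1>&2; sha1sum --status -c blobhashes; } || \`. Because the check runs inside `( … )`, `err` can at most end the subshell; the line after `)` is not in this hunk, so it is worth confirming that the parent shell tests the subshell's exit status and stops when the hashes do not match. patch_release_roms starts and ends outside the hunk.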
@@ -154,6 +167,16 @@ patch_rom()
{
rom="${1}"
+ # we don't process no-microcode roms; these are
+ # instead re-created at the end, after re-inserting
+ # on roms with microcode, by copying and then removing,
+ # so that the hashes will match (otherwise, cbfstool
+ # may sometimes insert certain blobs at the wrong offset)
+ # (unless nomicrocode is the only config provided)
+ [ "${rom}" != "${rom%_nomicrocode.rom}.rom" ] && \
+ [ -f "${rom%_nomicrocode.rom}.rom" ] && \
+ [ "${release_archive}" = "y" ] && return 0
+
check_defconfig "${boarddir}" || exit 1
set -- "${boarddir}/config/"*
. "${1}" 2>/dev/null
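Review bot: The first test of the new guard, `[ "${rom}" != "${rom%_nomicrocode.rom}.rom" ]`, is true for every path: without the suffix the right-hand side is `${rom}.rom`, and with it the right-hand side is the microcode sibling, so neither can equal `${rom}`. The skip therefore rests only on the `-f` test and the `release_archive` flag, and an ordinary image would be skipped with `return 0` if a file named `<rom>.rom` happened to sit beside it. Comparing against the stripped name alone, `[ "${rom}" != "${rom%_nomicrocode.rom}" ] && \`, makes the suffix check real. Printing a line before `return 0` would also leave a trace in the release log of which images were deliberately not patched. patch_rom's body continues past the end of the hunk.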